RFC 2911:Internet Printing Protocol/1.1: Model and...
RFC-Ref

1 - 3 - 7 - 8 - A - B - C - D - E - F - G - H - I - J - L - M - N - O - P - Q - R - S - T - U - V - W

security

Click on the red underlined text to get to the source

1. Introduction
... considerations, respectively. - Sections 7 - 11 cover the Internationalization and Security considerations as well as References, Author contact information, and Formats for Registration Proposals. ...


2. IPP Objects
... support authentication and/or message privacy using Transport Layer Security (TLS) [RFC2246] (the mechanism for security ...
... Transport Layer Security (TLS) [RFC2246] (the mechanism for security configuration is outside the scope of this IPP/1.1 document). In some situations, ...
... negotiation mechanism. In other situations, multiple communication channels are used, one for each type of security configuration. Section 8 provides a full description of all security considerations and configurations. ...
... communication channels are used, one for each type of security configuration. Section 8 provides a full description of all security considerations and configurations. If a Printer object supports more than one communication channel ...
... some or all of those channels might support and/or require different security mechanisms. In such cases, an administrator could expose the simultaneous support for these multiple communication channels ...
... communication channel to the Printer object. The "printer-uri-supported" attribute has two companion attributes, the "uri-security-supported" attribute and the "uri-authentication- supported". Both have the same cardinality as "printer-uri- ...
... authentication- supported". Both have the same cardinality as "printer-uri- supported". The purpose of the "uri-security-supported" attribute is to indicate the security mechanisms (if any) used for each URI ...
... supported". The purpose of the "uri-security-supported" attribute is to indicate the security mechanisms (if any) used for each URI listed in "printer-uri-supported". The purpose of the "uri-authentication ...
... target for subsequent Job operations. The Printer object generates a Job URI based on its configured security policy and the URI used by the client ...
... Printer's "printer-uri-supported" attribute contains the URI(s). - The Printer object's "uri-security-supported" attribute identifies the communication channel security protocols ...
... security-supported" attribute identifies the communication channel security protocols that may or may not have been configured for the various Printer object URIs ...


3. IPP Operations
... URI when directing operations at the Job object. The Printer object always uses its configured security policy when creating the new URI. However, if the Printer object supports more than one URI ...
... document data) would be accepted. The Validate-Job operation also performs the same security negotiation as the Print-Job operation (see section 8), so that a client ...
... client can check that the client and Printer object security requirements can be met before performing a Print-Job operation. ...
... attribute which is not supported. The Printer object MAY respond with a subset of the supported attributes and values, depending on the security policy in force. However, the Printer object MUST respond with the 'unknown' value for any supported attribute (including all REQUIRED attributes) for which the Printer object ...
... for each returned Job object. The Printer object ignores (does not respond with) any requested attribute or value which is not supported or which is restricted by the security policy in force, including whether the requesting user is the user that submitted the job (job originating user) or not (see section 8). However, ...
... supported attribute (including all REQUIRED attributes) for which the Printer object does not know the value, unless it would violate the security policy. See the description of the "out-of- band" values in the beginning of Section 4.1. ...
... IPP object ignores (does not respond with) any requested attribute or value which is not supported or which is restricted by the security policy in force, including whether the requesting user is the user that submitted the job (job originating user) or not (see section 8). However, the IPP ...
... REQUIRED attributes) for which the IPP object does not know the value, unless it would violate the security policy. See the description of the "out-of-band" values in the beginning of ...


4. Object Attributes
... generating the Job URI and the Printer object is aware of its security configuration and policy as well as the Printer URI used in the create ...
... authorized end-user, such as a member of the job owner's security group. This value SHOULD be supported. 'job-canceled-by-operator': The job was canceled by the operator ...
... authenticated as having operator privileges (whether local or remote). If the security policy is to allow anyone to cancel anyone's job, then this value may be used when the job is canceled by other than the owner of the job. For such a ...
... anyone's job, then this value may be used when the job is canceled by other than the owner of the job. For such a security policy, in effect, everyone is an operator as far as canceling jobs with IPP is concerned. This value SHOULD be ...
... | printer-uri-supported | 1setOf uri | REQUIRED | +----------------------------+---------------------------+-----------+ | uri-security-supported | 1setOf type2 keyword | REQUIRED | +----------------------------+---------------------------+-----------+ | uri-authentication ...
... of this URI is implementation dependent and depends on the protocol. See the next two sections for a description of the "uri-security- supported" and "uri-authentication-supported" attributes, both of ...
... supported" attribute. See section 2.4 on Printer object identity and section 8.2 on security and URIs for more information. ...
... uri-security-supported (1setOf type2 keyword) ...
... This REQUIRED Printer attribute MUST have the same cardinality (contain the same number of values) as the "printer-uri-supported" attribute. This attribute identifies the security mechanisms used for each URI listed in the "printer-uri-supported" attribute. The "i ...
... for each URI listed in the "printer-uri-supported" attribute. The "i th" value in "uri-security-supported" corresponds to the "i th" value in "printer-uri-supported" and it describes the security mechanisms ...
... th" value in "uri-security-supported" corresponds to the "i th" value in "printer-uri-supported" and it describes the security mechanisms used for accessing the Printer object via that URI. See [RFC2910 ...
... URI. See [RFC2910] for more details on security mechanisms. The following standard keyword values are defined: ...
... administrator configures the "printer-uri-supported", "uri- authentication-supported" and "uri-security-supported" attributes as follows: ...
... "uri-authentication-supported": 'none', 'digest', 'basic' "uri-security-supported": 'none', 'none', 'tls' Note: 'xxx' is not a valid ...
... - For the first URI, 'xxx://acme.com/open-use-printer', the value 'none' in "uri-security-supported" indicates that there is no secure channel protocol configured to run under HTTP ...
... - For the second URI, 'xxx://acme.com/restricted-use-printer', the value 'none' in "uri-security-supported" indicates that there is no secure channel protocol configured to run under HTTP ...
... - For the third URI, 'xxx://acme.com/private-printer', the value 'tls' in "uri-security-supported" indicates that TLS is being used to secure the channel ...
... channel, but the fact is made explicit by the presence of the 'tls' value in "uri-security-supported". The client does not need to resort to understanding which security ...
... security-supported". The client does not need to resort to understanding which security it must use by following naming conventions or by parsing the URI to determine which security mechanisms ...
... security it must use by following naming conventions or by parsing the URI to determine which security mechanisms are implied. The value of 'basic' in "uri- authentication-supported" indicates that the Printer will issue ...


5. Conformance
... Security ...
... document. Security MUST NOT be compromised when a client supplies a lower "version ...


8. Security Considerations
... Security Considerations ...
... It is difficult to anticipate the security risks that might exist in any given IPP environment. For example, if IPP ...
... might be in effect. See section 8.3 below for more details. Since the security levels or the specific threats that an IPP system administrator may be concerned with cannot be anticipated, IPP ...
... system administrator may be concerned with cannot be anticipated, IPP MUST be capable of operating with different security mechanisms and security policies as required by the individual installation. ...
... be capable of operating with different security mechanisms and security policies as required by the individual installation. Security policies might vary from very strong, to very weak, to none ...
... security policies as required by the individual installation. Security policies might vary from very strong, to very weak, to none at all, and corresponding security mechanisms will be required. ...
... Security policies might vary from very strong, to very weak, to none at all, and corresponding security mechanisms will be required. ...
... Security Scenarios ...
... The following sections describe specific security attacks for IPP environments. Where examples are provided they should be considered ...
... Client and Server in the Same Security Domain ...
... Client and Server in Different Security Domains ...
... the document to the business associate as a facsimile. Printing sensitive information on a Printer in a different security domain requires strong security measures ...
... security domain requires strong security measures. In this environment authentication of the printer is required as well as protection against ...
... of the printer is required as well as protection against unauthorized use of print resources. Since the document crosses security domains, protection against ...
... The "printer-uri-supported" attribute contains the Printer object's URI(s). Its companion attribute, "uri-security-supported", identifies the security mechanism used for each URI ...
... URI(s). Its companion attribute, "uri-security-supported", identifies the security mechanism used for each URI listed in the "printer-uri-supported" attribute. For each Printer operation ...
... objects, and the Printer object will generate the correct URI for new Job objects depending on the Printer object's security configuration. ...
... IPP operations, a client supplies a list of attributes to be returned in the response. For security reasons, an IPP object may be configured not to return all attributes (or all values) that a client requests ...
... object, could the foreign jobs be queried by an IPP request. Alternatively, if the security policy is to allow users to query other users' jobs, then the foreign jobs would also be visible to an ...


9. References
... Horowitz, M. and S. Lunt, "FTP Security Extensions", RFC 2228prop, October 1997. ...
... Bellovin, S., "Report of the IAB Security Architecture Workshop", RFC 2316, April 1998. ...


13. APPENDIX B: Status Codes and Suggested Status Code Messages
... under attack by a client attempting to exploit security holes present in some IPP objects using fixed-length buffers ...


16. APPENDIX E: Generic Directory Schema
... the IPP Printer object using one of its URIs. The "uri-security- supported" attribute identifies the protocol (if any) used to secure a channel ...
... uri-authentication-supported RECOMMENDED Section 4.4.2 uri-security-supported RECOMMENDED Section 4.4.3 printer-name RECOMMENDED Section 4.4.4 printer-location RECOMMENDED Section 4.4.5 ...


17. APPENDIX F: Differences between the IPP/1.0 and IPP/1.1 "Model and Semantics" Documents
... "date-time-at-processing", and "date-time-at-completed" Event Time Job Description attributes 51. Section 4.4.3 - added the 'tls' value to "uri-security- supported" attribute. 52. Section 4.4.3 - clarified "uri-security ...
... security- supported" attribute. 52. Section 4.4.3 - clarified "uri-security-supported" is orthogonal to Client Authentication so that 'none' does not ...
... URIs for each Client Authentication mechanism. 68. Section 8.5 - added the security discussion around the new operator/administrator ...
... REQUIRED. 21. Section 5.1 - changed the client security requirements from RECOMMENDED non-standards track SSL3 to MUST support Client Authentication as defined in the IPP ...
... RFC2910]. 22. Section 5.2.7 - changed the IPP object security requirements from OPTIONAL non-standards track SSL3 to SHOULD contain support for Client Authentication ...
... Privacy and Server Authentication. Security MUST NOT be compromised when the client supplies a lower version ...

1 - 3 - 7 - 8 - A - B - C - D - E - F - G - H - I - J - L - M - N - O - P - Q - R - S - T - U - V - W

Google
Web
RFC-Ref
RFC-Ref.org
Frontpage
Global Index
RFC
Sister Sites
Chess-Ref.org
Law-Ref.org
InChI.info
Zvon.org